TowerWeb Ransomware

Posted: June 27, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 58
First Seen: June 27, 2016
OS(es) Affected: Windows

The TowerWeb Ransomware is a Trojan that pretends to encrypt the contents of your computer while displaying a standard ransom message implying that paying will provide a decryption solution. Unbeknownst to the victim, the TowerWeb Ransomware's real payload deletes a limited amount of local data without encrypting any content. Contrary to its advice, the ideal response to this threat is to remove the TowerWeb Ransomware infection with your anti-malware programs and to use any of a variety of data recovery tools to reverse its attacks.

A Digital Tower of Falsified Attacks

Within the realm of ransomware campaigns, most threat authors prefer to mislead their victims with a variety of false claims and implications, always meant to force them into paying the ransoms hastily. Most of these fraudulent messages exaggerate the extent of the Trojan's impact or potency, but malware experts see few as blatant about their deceits as the TowerWeb Ransomware. This Trojan is not a file encryptor at all, and can neither encrypt nor decrypt any information on your PC.

The TowerWeb Ransomware displays an Anonymous-themed desktop image that falsely claims that the TowerWeb Ransomware has encrypted the valuable contents of your PC and moved all such files to a concealed partition. However, the real payload of a TowerWeb Ransomware infection differs significantly from its description:

  • The TowerWeb Ransomware deletes data associated with the Windows user's profile, as well as temporary files saved to the Windows TEMP directory.
  • The TowerWeb Ransomware empties the Windows Recycle Bin, preventing a victim from using the most visible means of data recovery available.
  • The Trojan also calls the SwapMouseButton function, which reverses the effects of the right and left mouse inputs.
  • As its last attack, the TowerWeb Ransomware puts the PC into a permanent reboot loop. Default Windows Run commands, if issued sufficiently quickly, can stop an upcoming system reboot.

The TowerWeb Ransomware asks for the usual ransom fees demanded by real file-encoding Trojans but lacks such features in their entirety. As a result, malware experts note that a victim has nothing to gain by paying the TowerWeb Ransomware's ransom.

Toppling a Trojan's Foundation of Falsehoods

The TowerWeb Ransomware is a particularly bold case of a Trojan that has no problems lying to its victims, while, in other respects, staying in line with the theoretical profit model of a real file encryption Trojan. Although it has no capabilities for encrypting data, the TowerWeb Ransomware does represent a security hazard that threatens the basic usability and safety of your PC. Unlike real file encryptors, the TowerWeb Ransomware also has no reason to refrain from causing more permanent damage to its host computer.

You should disable the TowerWeb Ransomware through such methods as launching in Safe Mode or entering the appropriate Windows commands to stop its automatic reboots and related risks. Although the TowerWeb Ransomware does remove Recycle Bin data, advanced data recovery tools can often recover information that has been erased in such a manner, provided that the PC user acts promptly. Since newly created data may overwrite the old, wiped data, malware experts also recommend refraining from any use of the infected PC that is not related to re-securing it. You can reverse the 'mouse swapping' function call within Windows without assistance from a third-party program.
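The two reversible effects described above, a queued reboot and swapped mouse buttons, can be undone from a PowerShell prompt. The script below is an added example, not code from the Trojan or from any vendor tool; it assumes the reboot is queued on the standard Windows shutdown timer and that the user normally works with unswapped buttons, and its function and variable names are illustrative.

```powershell
# Added example: undo two TowerWeb side effects described on this page.
# Assumptions: the reboot is queued on the standard Windows shutdown timer,
# and the user normally runs with unswapped (right-handed) buttons.
$wantSwapped = $false   # set to $true for a deliberate left-handed setup

Add-Type -Namespace Win32 -Name Mouse -MemberDefinition @'
[DllImport("user32.dll")]
public static extern bool SwapMouseButton(bool fSwap);
[DllImport("user32.dll")]
public static extern int GetSystemMetrics(int nIndex);
'@

$SM_SWAPBUTTON = 23   # GetSystemMetrics index: non-zero when buttons are swapped

function Stop-PendingReboot {
    # shutdown.exe /a aborts a shutdown that is still in its timeout period;
    # it exits non-zero when nothing was pending.
    & "$env:SystemRoot\System32\shutdown.exe" /a 2>$null | Out-Null
    return ($LASTEXITCODE -eq 0)
}

function Restore-MouseButtons {
    param([bool]$Swapped)
    $before = [Win32.Mouse]::GetSystemMetrics($SM_SWAPBUTTON) -ne 0
    # SwapMouseButton($false) restores the default left/right meaning.
    [void][Win32.Mouse]::SwapMouseButton($Swapped)
    $after = [Win32.Mouse]::GetSystemMetrics($SM_SWAPBUTTON) -ne 0
    # Read (never write) the per-user Control Panel preference for comparison.
    $stored = (Get-ItemProperty -Path 'HKCU:\Control Panel\Mouse' `
        -Name SwapMouseButtons -ErrorAction SilentlyContinue).SwapMouseButtons
    [pscustomobject]@{
        SwappedBefore    = $before
        SwappedAfter     = $after
        StoredPreference = $stored
    }
}

# Abort the reboot first, then fix the mouse; report both in one object.
$rebootAborted = Stop-PendingReboot
Restore-MouseButtons -Swapped $wantSwapped |
    Select-Object @{ Name = 'RebootAborted'; Expression = { $rebootAborted } }, *
```

A `SwappedBefore` value of `True` alongside a `StoredPreference` of `0` means the swap was applied at runtime rather than chosen in Control Panel, which is consistent with the function call described above.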

Even more than with most Trojans, paying the ransom that this threat demands is a waste of the victim's time and money. Delete the TowerWeb Ransomware with the anti-malware product of your choice, and reserve your money for uses other than rewarding amateur threat authors.